Unban Hub
One-stop guide to fixing incorrect bans (community project, not affiliated with Jagex)
Post a short, factual note and include your support ticket number.
“Appeal submitted with evidence; requesting meaningful human review (Art.22). SAR filed for data/logic (Art.15). Membership active while locked out. Ticket #[ENTER TICKET NUMBER].”
@JagexSupport →The DPO has 1 month to respond (extendable only with a reasoned notice before the deadline).
I’m making a Subject Access Request under Article 15 UK GDPR and exercising my Article 22 rights regarding a recent investigation and ban on my RuneScape account.
Scope & timeframe
All personal data relating to my account and the investigation/enforcement for the last 2 months.
Data requested (non-exhaustive)
• Detection & enforcement records: logs/flags, event timestamps (UTC), rule/category names, confidence scores/thresholds crossed, session IDs/worlds, activity labels, internal case notes, and ban decision records.
• Client/telemetry & device data: client version(s), recorded plugin/module data, input/telemetry (e.g., click/keypress timing where stored), device fingerprints/IDs, OS/browser versions, IPs and login metadata.
• Correspondence & internal notes related to my case and appeals.
• Automated decision info (Art. 15(1)(h)): meaningful information about the logic involved, data sources/factors considered, and the significance of the processing leading to the classification (I am not requesting trade secrets, source code, or details that would compromise security).
• Human review: whether a meaningful human review occurred; date(s) [ENTER DATES]; reviewer role/team; and how my explanations (if any) were considered.
• Sources/recipients/retention: categories of sources, recipients (including any third parties/transfers), and relevant retention policies.
Article 22 request
Please confirm whether the ban decision was solely automated. If so, I exercise Article 22(3) to obtain meaningful human intervention and review, to present my views, and to contest the decision.
Format
Please provide data in a commonly used electronic format (CSV/JSON/PDF) with clear field names and UTC timestamps. If anything is withheld, please specify the legal basis for each redaction.
To: dpo@jagex.com
Subject: Confirmation — SAR (Art. 15) + Article 22 request
Thanks for the acknowledgement. Per your note, I have submitted the “Request your personal data” form. This email confirms that my request is a combined Subject Access Request under Article 15 UK GDPR and an Article 22 request. Please treat my original message as the statement of scope and wording. I’m happy to complete any ID checks via your secure channel.
Under Article 12(3), a substantive response to my SAR/Article 22 request is due within one month of receipt (extendable only with a reasoned notice provided before the deadline). I require confirmation that this ban decision has undergone meaningful human review (i.e., not solely automated), and a SAR response that includes my relevant data and meaningful information about the logic involved in the decision per Article 15(1)(h).
Preservation notice: Please preserve all evidence related to this decision from [ENTER DATES] to present, including (without limitation) telemetry, detection outputs/flags, server-side timestamps, device/client data, internal case notes, and appeal-handling records, pending completion of the review and SAR.
I also object (Art. 21) to profiling that labeled my account activity as macroing and request restriction (Art. 18) of processing of the disputed enforcement data pending resolution. Please record my contestation of accuracy (Art. 16) in the file.
If I do not receive a compliant response within the statutory timeframe, I will escalate to the UK ICO. Separately, if access remains denied during paid membership periods, I reserve my rights to seek pro-rata refund/compensation via appropriate consumer channels.
Please confirm receipt of this message and provide a reference number for this SAR/Article 22 request.
Kind regards,
Missed deadline or boilerplate only? Complain to the UK data regulator and attach your SAR text, dates, and replies.
ICO Complaint ↗If advertised processes don’t match reality (e.g., “two-stage human review” and “up to 7-day” response, but 10–30 days with template denials; pro-rata only on request), you can report for assessment of potential misleading practice and inadequate redress for a paid service.
Contact CMA ↗This site shares community info—not legal advice. Make sure your report accurately reflects your own experience.
Denied access while membership was active? Ask for a pro-rata refund/credit. If ignored, send a Letter Before Claim (England & Wales) and then file a small claim.
Subject: Pre-Action Letter — Pro-rata refund for denied access I purchased membership at [price/period] and was denied access for [N] days ([ENTER DATES]) due to a contested ban/appeal. This is services not provided for those days. Amount due: [price ÷ billing-days] × [N] = [£/$/€ amount]. Remedy sought: pay within 14 days or I will file a civil money claim. Please preserve all relevant records. Identifiers: account email, RSN(s), relevant ticket numbers, invoice/receipt ID(s). Preferred payment method: [bank transfer / card credit / account credit].
Always use official portals for account security and data requests.
This site shares community information only and is not legal advice. If you report to regulators (e.g., CMA/ICO) or send a pre-action letter, ensure your reasons are genuine to your case and your facts are accurate.
We’re independent and not affiliated with Jagex. Any information on this website is our opinion.